**NOTE:** Unless you have an old kernel, consider using the mac80211 version of the driver and follow ​[[zd1211rw-mac80211|these instructinons]]. It is a much simpler way to obtain injection capability.

+

**IMPORTANT ​NOTE**: This page is deprecated, updated documentation can be found [[install_drivers|here]]

-

This driver supports the zd1211 and the newer zd1211b chipsets ​by Zydas. ​ Atheros has acquired Zydas and renamed this chipset to AR5007UG.

+

====== zd1211rw ======

+

authored ​by sleek

-

In pre-2.6.25 kernels, the older zd1211 chipset only partially supports injection. ​ Any injection which requires the device to receive a packet does not work correctly. ​ So the fake authentication,​ chopchop, ​and fragmentation attacks plus injection ​testing do not work. Other basic functions such as monitor mode and the remaining attacks work.

+

**Review ​and injection ​tutorial**

-

The new zd1211b ​chipset only partially supports injection. ​Monitor mode and injection testing works. ​ Assuming ​you use a MAC address already associated ​with an AP, normal injection ​and chopchop attack works. Fake authentication ​and the fragmentation attacks do not work although some people have reported limited success. ​Perhaps this depends on the revision level of the chipset.

+

The ZyDAS zd1211 and zd1211b ​(//also known as AR5007UG//) chips are one of the most distributed wireless b/g chips in the market. They are also the cheapest, on eBay, you can get one for about 5-6USD shipping included. In the same time, these chips are very stable, ​with excellent range and sensitivity, both under Linux and Windows ​and you can purchase one with or without an external antenna. The [[http://​linuxwireless.org/​en/​users/​Drivers/​zd1211rw|zd1211rw]] driver, which covers ​the chips under linux is very well built, offering reliable wireless connectivity as well as injection and monitoring support via aircrack-ng'​s utilities.

-

Starting with kernels ​2.6.25 and up, both chipsets ​support ​injection completely, except ​for the fragmentation attack, which is still being worked on. This page only deals with pre-2.6.25 ​kernels, for newer ones, see [[zd1211rw-mac80211]].

+

The zd1211rw was included in mainline kernel ​2.6.18 as a softmac driver, known to be notoriously unstable and heavily crippled in terms aircrack-ng ​support. Things turned ​for the better when the zd1211rw was ported as mac80211 driver since kernel ​2.6.25, ​a move which led the zd1211rw ​to gain excellent support for injection and monitoring.

-

Bottom line, the Zydas chipset ​is only recommended for use with the aircrack-ng suite if you have a fairly-recent kernel (2.6.25 or newer), due to the large number of problems with it. There are simply too many problems associated with the driver and the specific wireless devices. (Most of these problems are fixed by the mac80211-based driver in kernels 2.6.25 and up.)

+

The only unsupported function ​is the fragmentation "-5" attack. A bug in the firmware prevents that. The frag attack is not mandatory for the zd1211rw driver to inject ​or capture packets, it's only one of the many attacks designed to penetrate WEP encryption.

-

The zd1211rw driver has been incorporated into the latest kernels. ​ So you will have to patch the kernel source to obtain injection support. ​ This is described below in detail.

+

Overall, its a great all-purpose chip to have for wireless auditing and general connectivity.

-

The following links may be helpful ​to you to learn more about the driver ​and which devices are supported by it:

* [[http://​wiki.d3xt3r01.tk/index.php/​ZD1211rw_with_patches_for_aircrack-ng|ZD1211rw with patches for aircrack-ng]]

+

-

===== Patching zd1211rw =====

+

**1.** cd into your kernel sources

-

There are some new patches ​developed by SuD. They are especially designed for 2.6.24 kernels but the also work on previous versions. ​ The patches are still being tested. ​ So any feedback would be especially valued.

The most frequent road block you'll stumble upon is compilation errors with compat-wireless. They'​re not necessarily **//your//** fault. Every now and then compat-wireless tar balls are released with compilation errors which are subsequently fixed. If this happens to you, simply download and install a version from the previous day or two.

-

For zd1211rw, either use aircrack'​s ​2.6.23 zydas patch, or SuD's zd1211rw 2.6.24.4 or 2.6.25 patch.

+

=== Kernel ​2.26.24+ ===

+

**1.** Go to http://​wireless.kernel.org/​download/​compat-wireless-2.6/,​ download the latest version of compat-wireless and untar the package: **tar xfj compat-wireless-2.6.tar.bz2**

-

This section will describe how to patch your driver ​for injection. ​ There is quite a bit of variation between distributions so this describe the general steps you must take. You will have to tweak the instructions for your specific distribution and kernel version. It assumes a reasonable level of unix knowledge and experience. If you don't have this, ask a friend to help you out. If you can't follow these instructions then you should not be messing with your kernel. ​Don'​t post to the [[http://forum.aircrack-ng.org/​|Forum]] asking ​for detailed instructions.

+

**2.** Next up, **cd to your /​path/​to/​compat-wireless** directory and download the patch, required ​for injection: [[http://​www.zlaten.biz/​tmp/​zd1211rw-inject+dbi-fix-2.6.26.patch|zd1211rw-inject+dbi-fix-2.6.26.patch]], the fixed channel patch, [[http://​patches.aircrack-ng.org/​channel-negative-one-maxim.patch|channel-negative-one-maxim.patch]] and the [[http://patches.aircrack-ng.org/​mac80211.compat08082009.wl_frag+ack_v1.patch|mac80211.compat08082009.wl_frag+ack_v1.patch]] for higher injection speed. Visit the general [[mac80211|mac80211]] wiki page for details.

-

You will need to have your kernel headers and full source already installed on your system. See [[zd1211rw#​installing_fedora_kernel_headers_and_source|Installing Fedora kernel headers and sources]] below for how to do this on Fedora.

+

**3.** Apply the patches:

-

Copy contents of **/usr/src/​linux/​net/​ieee80211** to a safe place. This is so you can recover if things go bad or if you want to apply a new version ​of the patch.

+

patch -Np0 -i zd1211rw-inject+dbi-fix-2.6.26.patch.

+

patch -Np1 -i mac80211.compat08082009.wl_frag+ack_v1.patch.

+

patch -Np1 -i channel-negative-one-maxim.patch.

+

__Note:​__ ​//the **xxxxx-xxxx-xxxx.patch** files must be in your compat-wireles-xxxx-xx-xx directory while patching, otherwise ​you will be asked to provide full path of the file which needs to be patched, example: /​home/​user/​compat-wireless-xxxx-xx-xx/​drivers/​net/​wireless/​zd1211rw/​zd_mac.c//

-

Copy contents of **/​usr/​src/​linux/​drivers/​net/​wireless/​zd1211rw** to a safe place. This is so you can recover if things go bad or if you want to apply a new version of the patch.

+

**4.** Patching ​is complete and we are ready to compile our driver, type **make** for the process to begin and wait for few minutes to complete.

-

Download and expand the latest version of the aircrack-ng suite to obtain the patches or download the from [[http://​patches.aircrack-ng.org/​|here]]. Typically, you will need the svn version to have best patches. Please note that the patch names might change so you may have to adjust the version numbers in the next few steps.

+

**5.** Barring any errors, next up is installing, **sudo make install**

-

Copy zd1211rw_inject_2.6.23.patch ​to **/​usr/​src/​linux/​**

+

**6.** Now that the newly compiled driver is installed, we are ready to use it, but before that we have to unload the old driver by typing ​**sudo make wlunload**

-

cd /​usr/​src/​linux/​

+

**7.** To load the new driver, just type **sudo modprobe zd1211rw** or simply unplug and plug again your USB adapter. Reboot if you're unsure

-

NOTE: In the following lines, verbose and dry-run have a double dash in front of them.

+

**8.** That's it! This concludes ​the zd1211 injection tutorial. You should now be able to inject. [[injection_test|Test]] your USB device, by setting it to monitor mode (airmon-ng)

As mentioned above, kernels prior to 2.6.25 (2.6.2**4** with compat-wireless) are shipped with the softmac version of the driver which in its best day supports only half the functions, half the time. In other words, if you're stuck on an ancient kernel, you're pretty much out of luck. Your best bet is to either install a supported kernel, or utilize one of the many Live CDs with pre-configured settings for aircrack-ng.

And if you're absolutely bent on installing the softmac driver on an old kernel, you can try [[http://www.zlaten.biz/tmp/zd1211rw-compat.tar.gz|this]] source code. Be warned, you'll be disappointed with the outcome.

Some kernels incorporate the functionality built into the kernel. ​ If you want to change the zd1211rw and ieee802.11 to loadable modules, the following describes how to do this. The source of this note is this [[http://​forum.aircrack-ng.org/​index.php?​topic=1658.msg8736#​msg8736|thread]] in the forum.

+

-

+

-

These are the settings for menuconfig using 2.6.20-gentoo-r7,​ changing from kernel built-in to loadable modules for the purposes of these patches. ​ This will likely work as well on other distributions.

+

-

+

-

First, change the appropriate items in menuconfig:​

+

-

+

-

cd /​usr/​src/​linux

+

-

+

-

make menuconfig

+

-

+

-

​Networking ---->

+

-

then set

+

-

<​M>​ Generic IEEE802.11 Networking Stack

+

-

<​M>​ Software MAC add-on to the IEEE 802.11 netowrking stack

+

-

all other module capable IEEE 80211 items will have automatically set themselves to <M>

If your device is not listed then you first need to determine why and correct it.

+

-

+

-

Use "​dmesg"​ to ensure your device was properly loaded. ​ You may have do "​modprobe zd1211rw"​ to cause the kernel module to be loaded. ​ Below is an example of the zd1211rw module being successfully loaded. ​ Sample dmesg output:

Depending on the error messages in dmesg, take the appropriate action.

+

-

+

-

Use "​lsmod"​ and ensure the zd1211rw module is loaded. Below is a subset of the output from lsmod showing the zd1211rw in memory. ​ Notice there are other dependencies. ​ Sample lsmod output:

+

-

+

-

​Module ​ Size Used by

+

-

​zd1211rw ​ ​52740 ​ 0

+

-

​ieee80211softmac ​ ​35265 ​ 1 zd1211rw

+

-

​ieee80211 ​ 35784 2 zd1211rw,​ieee80211softmac

+

-

​ieee80211_crypt ​ 10112 1 ieee80211

+

-

+

-

A common problem on new kernels is that the new mac80211 version of the driver gets loaded instead of the older legacy driver covered on this page. The newer driver doesn'​t need any patches and has better injection support, but it requires aircrack-ng 1.0 beta, and doesn'​t work with 0.9 or earlier. The new driver can be identified by an lsmod output that looks like this:

+

-

+

-

​Module ​ Size Used by

+

-

​zd1211rw ​ ​67204 ​ 0

+

-

​mac80211 ​ 229108 ​ 1 zd1211rw

+

-

​cfg80211 ​ ​27528 ​ 1 mac80211

+

-

+

-

If that is the case, and you are having problems with the new driver, then you need to blacklist the modules by editing /​etc/​modprobe.d/​blacklist and add the following, and reboot:

+

-

+

-

#​zd1211rw wireless drivers

+

-

​blacklist zd1211rw

+

-

​blacklist zd1211rw_mac80211

+

-

+

-

Also ensure that the time stamp on zd1211rw.ko module matches the date and time you compiled it. Otherwise this may mean you are running the wrong version of the module.

+

-

(Of course, you might also just update aircrack-ng to 1.0-rc1 or 1.0-svn, and use the unpatched mac80211 driver with it.)

+

-

+

-

Note however, that starting with kernel v2.6.25, zd1211rw is only available in the new mac80211 flavor, so you need to use an updated aircrack-ng for it.

+

-

+

-

+

-

===== Couldn'​t load firmware. Error number -2 =====

+

If dmesg has an error similar to the following:

If dmesg has an error similar to the following:

Line 224:

Line 96:

- http://​sourceforge.net/​project/​showfiles.php?​group_id=129083

- http://​sourceforge.net/​project/​showfiles.php?​group_id=129083

-

- RPM for you distribution. ​ For example under fedora it is similar to "​zd1211-firmware-x.x-x.fcx"​

+

- RPM for you distribution. ​ For example under fedora it is similar to "​zd1211-firmware-x.x-x.fcx"​. On Gentoo, you can emerge net-wireless/​zd1211-firmware .

-

===== Why do I get ioctl(SIOCGIFINDEX) failed ? =====

+

=== Why do I get ioctl(SIOCGIFINDEX) failed ? ===

If you get error messages similar to:

If you get error messages similar to:

Line 235:

Line 107:

Then [[faq#​why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]].

Then [[faq#​why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]].

+

===== Feedback =====

+

+

* Instructions and discussion about the zd1211rw in the forum [[http://​forum.aircrack-ng.org/​index.php?​topic=5334.0|here]]